Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

On Wed, Apr 20, 2005 at 09:58:31PM -0400, Stephen Frost wrote:
> * Greg Stark (gsstark@mit.edu) wrote:
> > Stephen Frost <sfrost@snowman.net> writes:
> > > I have some hopes that pointing out the rather large problem with the
> > > md5 authentication mechanism in pg_hba.conf will lead them to discourage
> > > it's use and thus reduce the occourances of the salt being made
> > > available to the user giving more weight to the usefullness of having it
> > > be a random salt.  Additionally, it's been a few years, perhaps
> > > viewpoints have changed.
> > 
> > Salts are always given to the user, that's how they work. They're not secret.
> 
> You're confusing the issues I'm afraid.  If you're using md5 to secure
> your transport then yes, you must provide the salt to the user since the
> same salt must be used on both sides.  That's not the salt under
> discussion, however; the salt I'm referring to is the one which is used
> to make it difficult to brute-force the password from a copy of the
> resultant hash.  That salt is not given to anyone because no one else 
> needs it- only the server needs to know that salt so that it can add it 
> to the password to compare against the hash in the database.

Something that just occured to me... if you're using a random salt, you
can change it periodically without any disruption. So in the case of a
site that's worried about brute-forcing a password or hash you can
periodically update all the salts with new random values.

The protocol could also send a nonce as part of the key exchange. I
believe both techniques would add security.
-- 
Jim C. Nasby, Database Consultant               decibel@decibel.org 
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"